CVE-2025-12818

Опубликовано: 13 нояб. 2025

Источник: debian

EPSS Низкий

Описание

Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
postgresql-18	fixed	18.1-1		package
postgresql-17	removed			package
postgresql-17	fixed	17.7-0+deb13u1	trixie	package
postgresql-15	removed			package
postgresql-15	fixed	15.15-0+deb12u1	bookworm	package
postgresql-13	removed			package

Примечания

https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=600086f471a3bb57ff4953accf1d3f8d2efe0201 (master)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7eb8fcad860e9a0548191dab7a87a5bead5f8e91 (REL_18_1)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f5999f01815969dfe8df33bac9c0f1aa38dd6cd5 (REL_17_7)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=91421565febbf99c1ea2341070878dc50ab0afef (REL_15_15)
Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d6f0c0d6d6d3f14177848e4a00df988fa2f0a09a (REL_13_23)

EPSS

Процентиль: 23%

0.00074

Низкий

Связанные уязвимости

CVE-2025-12818

CVSS3: 5.9

ubuntu

3 месяца назад

CVE-2025-12818

CVSS3: 5.9

nvd

3 месяца назад

CVE-2025-12818

CVSS3: 5.9

msrc

3 месяца назад

PostgreSQL libpq undersizes allocations, via integer wraparound

RLSA-2026:0695

rocky

18 дней назад

Moderate: libpq security update

RLSA-2026:0594

rocky

20 дней назад

Moderate: libpq security update

EPSS

Процентиль: 23%

0.00074

Низкий